File:  [NetBSD Developer Wiki] / wikisrc / Attic / lighttpd_on_netbsd.mdwn
Revision 1.1: download - view: text, annotated - select for diffs
Mon Nov 21 03:22:58 2011 UTC (9 years, 7 months ago) by mspo
Branches: MAIN
CVS tags: HEAD
finish importing the pages from my findings in the wiki



##  Prelude 

How to deploy a high performance webserver using NetBSD and Lighttpd. 

##  Installation 

We will install it from pkgsrc because we need some fetures which are not enabled in the binary. 

First of all, let's use gamin as the default file alteration monitor instead of fam: 
    # FAM_DEFAULT=gamin

Of course you can stick with fam if you'd like. 

After that we will enable fam support in lighty: 
    # echo PKG_OPTIONS.lighttpd=fam >> /etc/mk.conf

Now the good old magic words: 
    # cd /usr/pkgsrc/www/lighttpd/
    # make install clean clean-depends

Install the rc.d files if you dont do that automaticaly: 
    # cp /usr/pkg/share/examples/rc.d/lighttpd /etc/rc.d/

##  The lighttpd user 

By default there is no user created for lighttpd, thus you will have to create one: 
    # groupadd lighttpd
    # useradd -s /sbin/nologin -g lighttpd lighttpd

##  Configuration 

Set the docroot whereever you want: 
    server.document-root        = "/srv/lighttpd/htdocs"

Set the default location for logs: 
    server.errorlog             = "/var/log/lighttpd/error.log"
    accesslog.filename          = "/var/log/lighttpd/access.log"

You need to create the directory /var/log/lighttpd with proper permissions: 
    # install -d -o lighttpd -g lighttpd /var/log/lighttpd

Let's use the user we have created for lighttpd: 
    server.username            = "lighttpd"
    server.groupname           = "lighttpd"

Enable kqueue: 
    server.event-handler        = "kqueue"

Enable fam: 
    server.stat-cache-engine    = "fam"

##  Testing the setup 

You can start the webserver with: 
    /etc/rc.d/lighttpd start

Check your logs if you encounter any problem. 

##  Setting up authentication 

###  Directory server 

We will use OpenLdap. 

First of all deploy a working ldap server, and populate it with the the users. For more information on this, read [OpenLDAP Authentication on NetBSD][10]. 

   [10]: /OpenLDAP_Authentication_on_NetBSD (OpenLDAP Authentication on NetBSD)

Be sure to load mod_auth and include the following in your lighttpd.conf file: 
    # ldap authentication
    auth.backend               = "ldap"
    auth.backend.ldap.hostname = "grimnismal.local"
    auth.backend.ldap.base-dn  = "dc=grimnismal,dc=local"
    auth.backend.ldap.filter   = "(uid=$)"
    auth.backend.ldap.bind-dn  = "cn=Manager,dc=grimnismal,dc=local"
    # passwd for bind-dn, separated for security reasons
    # contains: auth.backend.ldap.bind-pw  = "your-password"
    # It must NOT be word readable!
    include "ldapsecret"
    auth.require               = ( "/server-status" =>
                                     "method"  => "basic",
                                     "realm"   => "Admin only page",
                                     "require" => "user=replaced"
                                   "/server-config" =>
                                     "method"  => "basic",      
                                     "realm"   => "Staff only page",
                                     "require" => "valid-user"  

CVSweb for NetBSD wikisrc <> software: FreeBSD-CVSweb